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Abstract. We give interpretations of some known key agreement protocols 
in the framework of category theory and in this way we give a method of 
constructing of many new key agreement protocols. 



1. Introduction 

Key agreement is one of the fundamental cryptographic primitives after encryp- 
tion and digital signature. Key agreement protocols (KAPs) allow two or more 
parties to exchange information among themselves over an adversarially controlled 
insecure network and agree upon a common session key, which may be used for 
later secure communication among the parties. Thus, secure KAPs serve as basic 
building block for constructing secure, complex, higher level cryptographic proto- 
cols. 

The first pioneering work for key agreement is the Diffie-Hellman protocol given 
in their seminal paper [2] that invents the public key cryptography and revolution- 
izes the field of modern cryptography. In [2j a two-party key agreement protocol 
was proposed. There have been many attempts to provide authentic key agreement 
based on the Diffie-Hellman protocol [3J[Sl[71in] • 

In the last few years some efforts have been made to construct KAP using hard 
problems in infinite non-commutative groups. Here we only mention the idea based 
on conjugacy search problem which were reckoned as potentially hard problem for 
construction of one-way functions [HH]. To realize proposed algorithms the main 
attempts were directed to the suitable platform group selection. 

Recently in [8 the KAP has been constructed using matrix power functions based 
on matrix ring action on some matrix set and generalizing the Diffie-Hellman KAP. 
It has been suggested that main advantage of the proposed KAP is considerable 
fast computations and avoidance of arithmetic operations with long integers. 

The aim of this work is to suggest a general scheme of constructing KAPs using 
the category theory. We assume the reader is familiar with categories (we refer 
to the classical book of Mac Lane [5_ for the background in Category Theory). 
Based on the structure of categories, we present the above mentioned KAPs as very 
particular cases of our categorical KAPs. Working new examples of our categorical 
KAPs will be given in subsequent papers. 
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2. Key Agreement Protocols Related to Categories 
In this section we define KAPs which are arisen from the structure of categories. 

2.1. KAP based on categories. Let C be a (non-empty) category and let A, B be 

objects of C such that Hom(A, B) ^ 0. We suggest the set Hom(A, B) to be a set 
of possible keys, while Hom(A,yl) and Hom(_B,i3) are monoids which can be used 
by Alice and Bob, respectively, for actions on Hom(A, B) if they wish to create a 
shared key. According to the structure of the category C, Alice is able to act on the 
set of possible keys using the right action of Hom(A,yl) on Hom(A, S). Similarly, 
Bob is able to act on the set of possible keys using the left action of Hom(i?, B) on 
Hom(A,_B). Let 17 be a publicly known element of the set Hom(yl, _B). Then, for 
creating a shared key, Alice and Bob can proceed as follows: 

1. Alice selects at random an element / G Hom(A, A) and computes composi- 
tion g • /, and sends it to Bob; 

2. Bob selects at random an element h G Hom(i?, B) and computes composi- 
tion h ■ g, and sends it to Alice; 

3. Alice computes ka = {h ■ g) ■ f , while Bob computes kf, — h ■ {g ■ f); 

4. Since {h ■ g) ■ f — h ■ {g ■ f), the shared key is k — ka — ki, ^ Hom(A, B). 

This protocol, based on the structure of the category C, is called the categorical key 
agreement protocol (CKAP). 

2.2. General form KAP based on enriched categories. In this subsection we 
give another scheme of KAP induced by a structure of a category, but which is en- 
riched over the category of abelian groups, i.e. a category whose morphism sets are 
abelian groups satisfying some axioms (see [5]). This construction generalizes the 
KAP given in previous subsection and motivated by some known KAPs. Namely, 
our approach makes it possible to interpret many known KAPs as particular cases 
of our construction. 

Let 2? be a (non-empty) enriched category over the category of abelian groups. 
Clearly, it means that for any objects A and B in this category IIom(A, A) and 
Hom(i?, B) are unital rings, IIom(A, B) is an abelian group and composition of 
morphisms in V is bilinear. Let A, B be objects of T) such that IIom(A, B) ^ 0. Let 
m, n G N be natural numbers, Aa and Ba commuting subrings of the n x n-matrix 
ring M„ ( IIom(A, A)) , while Ab and Bb commuting subrings of m x m-matrix ring 
Mm ( IIom(_B, _B)) . Let 93 be a publicly known m x n-matrix over the abelian group 
IIom(A, B). If Alice and Bob wish to create a common secret key, they can proceed 
as follows: 

1. Alice selects at random matrices -00 G A a and G AB^ computes product 
of matrices uJa ■ ip ■ ipa, and sends it to Bob; 

2. Bob selects at random matrices G Ba and lj^ G Bb^ computes product 
of matrices ujf, ■ (p ■ ipb^ and sends it to Alice; 

3. Alice computes ka = LOa ■ ■ ^ ■ "^Pb ■ '>JJa, while Bob computes kb — ujb ■ uJa ■ 

4. Since tUa ■ oJb — '^b ■ and ipb ■ ipa = ipa ■ '4'b, the shared secret key is the 
m X n-matrix k = ka = kb over the abelian group Hom(A, B). 

This protocol is called the enriched categorical key agreement protocol (ECKAP). 
The following assertion relates two categorical KAPs presented in this section. 
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Theorem 2.1. There is a universal faithful functor T from the category of cat- 
egories to the category of enriched categories over the category of abelian groups. 
According to this correspondence, any CKAP related to a category C can be inter- 
preted as a ECKAP related to the enriched category T{C). 

Proof. We just construct the functor T and omit the proof of its universality since 
it directly follows from the construction. In fact, for any category C define the 
category T{C) as follows: its objects class coincides with the objects class of C, 
while Homrpi^Q {A, B) is the free abelian group generated by the set Home (A, B) for 
any A, B T{C). The composition of morphisms in T{C) is obviously induced by 
the composition of morphisms in C. Then it is easy to check that }lomrp(^Q{A, A), 
A G T{C), is unital ring, the composition is bilinear and all axioms of enriched 
category satisfied. Hence the category T(C) is enriched over the category of abelian 
groups. 

Given a category C, one can obtain its corresponding CKAP as ECKAP of the 
enriched category T(C) by assuming m = n = 1, and Ba and Ab to be subrings of 
M„(Hom(A, A)) and Afm( Hom(i?, i?)) generated by the unital matrices, respec- 
tively. □ 

Remark 2.2. In our constructions one can successfully use an enriched category 
over any symmetric monoidal category, e.g. over the category of abelian monoids 
(see Theorem 13. 3p . 

2.3. Security problem of CKAP and ECKAP. It is assumed that any KAP 
must be secure up to solving a certain mathematical problem in a reasonable length 
of time. One can see that CKAP and ECKAP are based on the conjecture that a 
function defined by composition of morphisms in a category is a one-way function in 
general. We suggest that the security of CKAP and ECKAP depends on concrete 
model of a given category, i.e. the cardinality of "Hom-sets" and non-triviality of 
the morphism composition. We also would like to mention that the security of our 
categorical KAPs is not less than the security of the Diffie-Hellman KAP [2i and Ko 
et al. KAP [4], since they are particular cases of our KAPs (see Section [3|). Further 
discussion on the security problems will be developed in subsequent papers where 
the concrete implementations of our KAPs are given. 

3. Interpretations of some well-known KAPs 

In this section we show that some of well-known KAPs are particular cases of 
our general categorical KAPs. 

3.1. DifRe-Hellman KAP as CKAP. Diffie-Hellman Key Agreement Protocol 
is defined in [2j. It has the following form. Let G be a cyclic group, and g a 
generator of G, where both g and its order s are publicly known. If Alice and Bob 
wish to create a shared key, they can proceed as follows: 

1. Alice selects uniformly at random an integer m G [2,s — 1], computes g™, 
and sends it to Bob; 

2. Bob selects uniformly at random an integer n e [2, s — 1], computes 5", and 
sends it to Alice; 

3. Alice computes km = (g")™, while Bob computes kn = (5™)"; 

4. The shared key is thus k = k„i = kn G G. 
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Theorem 3.1. The Diffie-Hellman KAP is a CKAP based on a certainly con- 
structed category. Moreover, one can interpret it as a ECKAP. 

Proof. Let us construct a category C as follows: let C have only two objects A and 
B; let the morphism sets be Honi(A, A) = N, Hom(B, B) = N, Hom(A, B) = G and 
Honi(_B,^) — 0, where N is the abelian monoid of natural numbers with respect 
to usual product; and let the composition of morphisms be defined by the formulas 

n ■ g — g^^ and g ■ m — g™, to, rt G N, g E G. 

It is easy to see that the CKAP arisen from the structure of so defined category C is 
exactly the Diffie-Hellman KAP. Thanks to Theorem 12.11 the rest of the assertion 
follows. □ 



3.2. Ko-Lee-Cheon-Han-Kang-Park KAP as CKAP. Recall Ko-Lee-Cheon- 
Han-Kang-Park key agreement protocol (Ko et al. KAP) given in [4]. Let G be 
a non-abelian group and Ha, Hg its commuting subgroups. Let g be a publicly 
known element of G. If Alice and Bob wish to create a common secret key, they 
can proceed as follows: 

1. Alice selects at random an element a e Ha, computes ""g = aga^^, and 
sends it to Bob; 

2. Bob selects at random an element b G Hb, computes ^g = bgb^^, and sends 
it to Alice; 

3. Alice computes ka — ^{''g), while Bob computes fcb — ^{°'g)] 

4. The common secret key is k — ka = ki, € G . 

Theorem 3.2. Ko et al. KAP is a CKAP arisen from a certainly constructed 
category. Moreover, one can interpret it as a ECKAP. 

Proof. Let us construct a category C as follows: let C have only two objects A and 
B; let the morphism sets be Hom(^, A) = Ha, Hom(i?, B) ^ Hb, IIom(A, B) = G 
and IIom(i?, A) = 0; and let the composition of morphisms be defined by the 
equalities 

a ■ a' — a' a, b ■ b' = bb' , g ■ a ^ aga^^ and b ■ g = bgb~^ 

for a, a' G IIom(A,A), b,b' G llom{B,B) and g G IIom(A, i?). It is clear that the 
CKAP arisen from the category C is exactly the Ko et al. KAP. Now, using again 
Theorem 12.11 completes the proof. □ 



3.3. Sakalauskas-Listopadskis-Tvarijonas KAP as ECKAP. In [8] E. Saka- 
lauskas, N. Listopadskis, and P. Tvarijonas defined KAP (Sakalauskas et al. KAP) 
based on matrix power function. Now we recall it but in a slightly reformulated 
form. Let 5 be a semiring and A4 a iS-semibimodule, i.e. there exist bilinear, right 
and left actions of S on abelian monoid satisfying the following associative law 

{lni)r ~ l(mr) l,r G S, to G A4. 

Let fc be a natural number and let Mk{S) and Mk{A4) denote k x fc-matrix semiring 
over S and k x fc-matrix abelian monoid over A4, respectively. It is well known 
that Mk{A4) is a (iS)-semibimodule with respect to the naturally induced right 
and left actions by the rule of standard matrix multiplication. Let be a publicly 
known fc x fc-matrix in Mk (A^) , while Aa and Ab be two subsemirings of commuting 
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matrices in Mk{S). If Alice and Bob wish to create a common secret key, they can 
proceed as follows: 

1. Alice selects at random secret matrices ipa G Aa and uia € -^b, computes 
product of matrices uia ■ ■ tpa and sends it to Bob; 

2. Bob selects at random secret matrices Vb G and ojb & Ab computes 

product of matrices ujh ■ f ■ ipb and sends it to Alice; 

3. Both parties compute the following common secret (key) matrix k: 

k = UJa ■ ^^b ■ ^ ■ Tpb ■ Ipa = LUb ■ i^a ■ ^ ■ Ipa ■ Ipb- 

Theorem 3.3. Sakalauskas et al. KAP is a ECKAP arisen from a certainly con- 
structed enriched category over the category of abelian monoids. 

Proof. According to the structure of iS-semibimodule M, one constructs the en- 
riched category over the category of abelian monoids V with two objects A, B and 
the following "Hom-objects" : 

Hom(yl, A)=S Hom(B, B) = S Hom(A, B) = M, Hom(B, A) = 0, 

while the composition is defined by the right and left actions of 5 on Al. Now, it 
is obvious that the ECKAP arisen from the enriched category V coincides with the 
Sakalauskas et al. KAP. □ 



4. Categorical multi-party KAP 

This section is only devoted of suggesting a multi-party KAP based on the struc- 
ture of a category, and hence showing an advantage of categorical approach to 
construct easily multi-party KAPs. Further investigation of our categorical multi- 
party KAP and its working examples will appear in our subsequent papers. 

Suppose there is a set S = {Ai. A2. . . . , An} of n users. If they wish to agree a 
common secret key and for that to use open insecure channels, they can proceed as 
follows: 

Step 1. Chose an order in S, i.e. S = (Ai, ^2, • . • , An) ; 

Step 2. A category C is public. For each user Ai, 1 < i < n, it is chosen an 
object Ci G C publicly and {n — 1) elements {gi, . . . ,gn-i} such that gi G 
Hom(Cj,Ci+i); 

Step 3. Any user Ai, 1 < i < n, chose randomly an element fi G Hom(Ci,C,) and 
computes 

gtft for i = l, 

fiQi-i for i = n, 

figi-i and gifi for l<i<n. 

Then any user Ai sends gifi to any other user Aj for j > i and sends figi-i 
to any other user Aj for j <i. 
Step 4. Thanks to the associative law of morphism composition in the category C 
any user Ai computes 

ki = ifn9n-l) ■ ■ ■ {fi+igi)fi{9i-lfi-l) ■ ■ ■ (51/1) 
= fn9n-l ■ ■ ■ fi+igifi9i-lfi-l ■ ■ ■ ffl/l = k 

and obtain a common element k € Hom(Ci, C„). 
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